I am also having some issues with JBoss Collaboration server MQ's. I am trying to "lock down" the queues, and context but am a little lost.
I am using the user roles properties file It has two users there roles are listed as such... user1=calendaruser,adminuser user2=calendaruser,adminuser and they have the reqd password/user file so now I see I can change this... <mbean code="org.jboss.mq.server.jmx.Queue" | name="jboss.mq.destination:service=Queue,name=testQueue"> | <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends> | <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends> | <attribute name="MessageCounterHistoryDayLimit">-1</attribute> | <attribute name="SecurityConf"> | <security> | <!-- <role name="guest" read="true" write="true"/> --> | <role name="publisher" read="true" write="true" create="false"/> | <role name="noacc" read="false" write="false" create="false"/> | <!-- <role name="user2" read="true" write="false" create="false"/> --> | <!-- <role name="user1" read="true" write="false" create="false"/> --> | </security> | </attribute> | </mbean> I got rid of guest, which I imagine is almost as bad as the "guest" user account in Windows XP. >From what I interpret, whomever publishes the messages to the queue, can do >whatever they want, someone that "noacc" (?no account?) can do nothing >whatsoever, so how do I add access say to user1 or user2 as mentioned earlier? I tried the above, dont laugh, but didnt work...Any insight would be greatly appreciated, I just would like to ensure that users have to auth if visiting the queues or context. i'm trying roles of "acc", "username", etc but nothing is working, and trying to google "Jboss roles", didnt come up with much And I see, as well as you stated, that in "jbossmsq-service.xml" i could change <mbean code="org.jboss.mq.security.SecurityManager" name="jboss.mq:service=SecurityManager"> | <attribute name="DefaultSecurityConfig"> | <security> | <role name="guest" read="true" write="true" create="true"/> | </security> | </attribute> | <attribute name="SecurityDomain">java:/jaas/jbossmq</attribute> | <depends optional-attribute-name="NextInterceptor">jboss.mq:service=DestinationManager</depends> | </mbean> would this mean, that no one could browse, search, etc the actual context itself? This would be very nice. Is the means of locking down this also the same as locking down a queue? Any insight is extremely appreciated View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3955161#3955161 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3955161 Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user